Gecko [ www.finalhopeacademy.com ]

Name	Size	Permission
00_Init_Initialization.conf	3.27 KB	-rw-r--r--
01_Init_AppsInitialization.con...	1.84 KB	-rw-r--r--
02_Global_Generic.conf	23.78 KB	-rw-r--r--
03_Global_Agents.conf	5.15 KB	-rw-r--r--
04_Global_Domains.conf	3.3 KB	-rw-r--r--
05_Global_Incoming.conf	1.42 KB	-rw-r--r--
06_Global_Backdoor.conf	2.2 KB	-rw-r--r--
07_XSS_XSS.conf	36.21 KB	-rw-r--r--
08_Global_Other.conf	7.44 KB	-rw-r--r--
09_Bruteforce_Bruteforce.conf	5.98 KB	-rw-r--r--
10_HTTP_HTTP.conf	4.11 KB	-rw-r--r--
11_HTTP_HTTPDoS.conf	3.95 KB	-rw-r--r--
12_HTTP_Protocol.conf	12.1 KB	-rw-r--r--
13_HTTP_Request.conf	2.42 KB	-rw-r--r--
14_Outgoing_FilterGen.conf	5.35 KB	-rw-r--r--
15_Outgoing_FilterASP.conf	1.75 KB	-rw-r--r--
16_Outgoing_FilterPHP.conf	2.54 KB	-rw-r--r--
17_Outgoing_FilterSQL.conf	11.83 KB	-rw-r--r--
18_Outgoing_FilterOther.conf	3.57 KB	-rw-r--r--
19_Outgoing_FilterInFrame.conf	1.86 KB	-rw-r--r--
20_Outgoing_FiltersEnd.conf	2.49 KB	-rw-r--r--
21_PHP_PHPGen.conf	1.59 KB	-rw-r--r--
22_SQL_SQLi.conf	13.72 KB	-rw-r--r--
23_ROR_RORGen.conf	2.97 KB	-rw-r--r--
24_Apps_Joomla.conf	7.85 KB	-rw-r--r--
25_Apps_JComponent.conf	42.66 KB	-rw-r--r--
26_Apps_WordPress.conf	10.96 KB	-rw-r--r--
27_Apps_WPPlugin.conf	414.97 KB	-rw-r--r--
28_Apps_WHMCS.conf	967 B	-rw-r--r--
29_Apps_Drupal.conf	83.09 KB	-rw-r--r--
30_Apps_OtherApps.conf	484.08 KB	-rw-r--r--
LICENSE.txt	11.09 KB	-rw-r--r--
bl_IPs	0 B	-rw-r--r--
bl_URLs	714 B	-rw-r--r--
bl_agents	1.92 KB	-rw-r--r--
bl_domains	134.24 KB	-rw-r--r--
bl_input	3.84 KB	-rw-r--r--
bl_os_files	29.46 KB	-rw-r--r--
bl_output	2.17 KB	-rw-r--r--
bl_output_java	240 B	-rw-r--r--
bl_output_php	8.88 KB	-rw-r--r--
bl_output_sql	1.77 KB	-rw-r--r--
bl_php_functions	589 B	-rw-r--r--
bl_scanners	539 B	-rw-r--r--
bl_scanners_headers	216 B	-rw-r--r--
bl_scanners_urls	418 B	-rw-r--r--
categories.conf	262.29 KB	-rw-r--r--
cwatch_managed_domains	0 B	-rw-r--r--
cwatch_protected_domains	0 B	-rw-r--r--
rules.conf.main	975 B	-rw-r--r--
rules.dat	5 B	-rw-r--r--
userdata_bl_IPs	50 B	-rw-r--r--
userdata_bl_URLs	109 B	-rw-r--r--
userdata_bl_agents	37 B	-rw-r--r--
userdata_bl_cookies	34 B	-rw-r--r--
userdata_bl_domains	34 B	-rw-r--r--
userdata_bl_extensions	375 B	-rw-r--r--
userdata_bl_headers	98 B	-rw-r--r--
userdata_bl_referers	35 B	-rw-r--r--
userdata_login_pages	149 B	-rw-r--r--
userdata_wl_IPs	125 B	-rw-r--r--
userdata_wl_URLs	48 B	-rw-r--r--
userdata_wl_agents	37 B	-rw-r--r--
userdata_wl_content_type	193 B	-rw-r--r--
userdata_wl_domains	34 B	-rw-r--r--
userdata_wl_extensions	54 B	-rw-r--r--
userdata_wl_methods	30 B	-rw-r--r--

Name

Size

Permission

Action

00_Init_Initialization.conf

3.27 KB

-rw-r--r--

01_Init_AppsInitialization.con...

1.84 KB

-rw-r--r--

02_Global_Generic.conf

23.78 KB

-rw-r--r--

03_Global_Agents.conf

5.15 KB

-rw-r--r--

04_Global_Domains.conf

3.3 KB

-rw-r--r--

05_Global_Incoming.conf

1.42 KB

-rw-r--r--

06_Global_Backdoor.conf

2.2 KB

-rw-r--r--

07_XSS_XSS.conf

36.21 KB

-rw-r--r--

08_Global_Other.conf

7.44 KB

-rw-r--r--

09_Bruteforce_Bruteforce.conf

5.98 KB

-rw-r--r--

10_HTTP_HTTP.conf

4.11 KB

-rw-r--r--

11_HTTP_HTTPDoS.conf

3.95 KB

-rw-r--r--

12_HTTP_Protocol.conf

12.1 KB

-rw-r--r--

13_HTTP_Request.conf

2.42 KB

-rw-r--r--

14_Outgoing_FilterGen.conf

5.35 KB

-rw-r--r--

15_Outgoing_FilterASP.conf

1.75 KB

-rw-r--r--

16_Outgoing_FilterPHP.conf

2.54 KB

-rw-r--r--

17_Outgoing_FilterSQL.conf

11.83 KB

-rw-r--r--

18_Outgoing_FilterOther.conf

3.57 KB

-rw-r--r--

19_Outgoing_FilterInFrame.conf

1.86 KB

-rw-r--r--

20_Outgoing_FiltersEnd.conf

2.49 KB

-rw-r--r--

21_PHP_PHPGen.conf

1.59 KB

-rw-r--r--

22_SQL_SQLi.conf

13.72 KB

-rw-r--r--

23_ROR_RORGen.conf

2.97 KB

-rw-r--r--

24_Apps_Joomla.conf

7.85 KB

-rw-r--r--

25_Apps_JComponent.conf

42.66 KB

-rw-r--r--

26_Apps_WordPress.conf

10.96 KB

-rw-r--r--

27_Apps_WPPlugin.conf

414.97 KB

-rw-r--r--

28_Apps_WHMCS.conf

967 B

-rw-r--r--

29_Apps_Drupal.conf

83.09 KB

-rw-r--r--

30_Apps_OtherApps.conf

484.08 KB

-rw-r--r--

LICENSE.txt

11.09 KB

-rw-r--r--

bl_IPs

0 B

-rw-r--r--

bl_URLs

714 B

-rw-r--r--

bl_agents

1.92 KB

-rw-r--r--

bl_domains

134.24 KB

-rw-r--r--

bl_input

3.84 KB

-rw-r--r--

bl_os_files

29.46 KB

-rw-r--r--

bl_output

2.17 KB

-rw-r--r--

bl_output_java

240 B

-rw-r--r--

bl_output_php

8.88 KB

-rw-r--r--

bl_output_sql

1.77 KB

-rw-r--r--

bl_php_functions

589 B

-rw-r--r--

bl_scanners

539 B

-rw-r--r--

bl_scanners_headers

216 B

-rw-r--r--

bl_scanners_urls

418 B

-rw-r--r--

categories.conf

262.29 KB

-rw-r--r--

cwatch_managed_domains

0 B

-rw-r--r--

cwatch_protected_domains

0 B

-rw-r--r--

rules.conf.main

975 B

-rw-r--r--

rules.dat

5 B

-rw-r--r--

userdata_bl_IPs

50 B

-rw-r--r--

userdata_bl_URLs

109 B

-rw-r--r--

userdata_bl_agents

37 B

-rw-r--r--

userdata_bl_cookies

34 B

-rw-r--r--

userdata_bl_domains

34 B

-rw-r--r--

userdata_bl_extensions

375 B

-rw-r--r--

userdata_bl_headers

98 B

-rw-r--r--

userdata_bl_referers

35 B

-rw-r--r--

userdata_login_pages

149 B

-rw-r--r--

userdata_wl_IPs

125 B

-rw-r--r--

userdata_wl_URLs

48 B

-rw-r--r--

userdata_wl_agents

37 B

-rw-r--r--

userdata_wl_content_type

193 B

-rw-r--r--

userdata_wl_domains

34 B

-rw-r--r--

userdata_wl_extensions

54 B

-rw-r--r--

userdata_wl_methods

30 B

-rw-r--r--

Code Editor : 23_ROR_RORGen.conf

# ---------------------------------------------------------------
# Comodo ModSecurity Rules
# Copyright (C) 2022 Comodo Security solutions All rights reserved.
#
# The COMODO SECURITY SOLUTIONS Mod Security Rule Set is distributed under
# THE COMODO SECURITY SOLUTIONS END USER LICENSE AGREEMENT,
# Please see the enclosed LICENCE file for full details.
# ---------------------------------------------------------------
# This is a FILE CONTAINING CHANGED or MODIFIED RULES FROM THE:
# OWASP ModSecurity Core Rule Set (CRS)
# ---------------------------------------------------------------

SecRule REQUEST_HEADERS:Content-Type "@contains application/xml" \
	"id:218600,phase:1,pass,nolog,ctl:forceRequestBodyVariable=on,rev:5,severity:2,tag:'CWAF',tag:'RORGen'"

SecRule REQUEST_BODY "@rx type.{0,399}yaml.{0,399}--- !ruby\/hash:ActionController::Routing::RouteSet::NamedRouteCollection.{0,399}\n.{0,399}!ruby\/object:ActionController::Routing::Route.{0,399}\n\s*segments.{0,399}\n\s*requirements" \
	"id:218601,msg:'COMODO WAF: Arbitrary code execution and denial of service vulnerability in Ruby on Rails before 2.3.15, 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 (CVE-2013-0156)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,rev:5,severity:2,tag:'CWAF',tag:'RORGen'"

SecRule REQUEST_BODY "@rx type.{0,399}yaml.{0,399}--- !ruby\/hash:ActionDispatch::Routing::RouteSet::NamedRouteCollection.{0,399}\n.{0,399}!ruby\/object:OpenStruct.{0,399}\n\s*table.{0,399}\n.{0,399}defaults" \
	"id:218602,msg:'COMODO WAF: Arbitrary code execution and denial of service vulnerability in Ruby on Rails before 2.3.15, 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x before 3.2.11 (CVE-2013-0156)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:403,log,rev:5,severity:2,tag:'CWAF',tag:'RORGen'"

SecRule REQUEST_HEADERS:Content-Type "@contains application/json" \
	"id:218610,phase:1,pass,nolog,ctl:forceRequestBodyVariable=on,rev:3,severity:2,tag:'CWAF',tag:'RORGen'"

SecRule REQUEST_BODY "@rx \Q--- !ruby/hash\u003aActionController\u003a\u003aRouting\u003a\u003aRouteSet\u003a\u003aNamedRouteCollection\E\n.+\Q!ruby/object\u003aActionController\u003a\u003aRouting\u003a\u003aRoute\E\n.+\Qsegments\u003a\E.+\Qrequirements\u003a\E" \
	"id:218611,msg:'COMODO WAF: Arbitrary code execution conducting SQL injection attacks vulnerability in Ruby on Rails 2.3.x before 2.3.16 and 3.0.x before 3.0.20 (CVE-2013-0333)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:504,log,rev:3,severity:2,tag:'CWAF',tag:'RORGen'"

SecRule REQUEST_BODY "@rx \Q--- !ruby/hash\u003aActionDispatch\u003a\u003aRouting\u003a\u003aRouteSet\u003a\u003aNamedRouteCollection\E\n.+\Q!ruby/object\u003aOpenStruct\E\n.+\Qtable\u003a\E\n.+\Q\u003adefaults\u003a\E" \
	"id:218612,msg:'COMODO WAF: Arbitrary code execution conducting SQL injection attacks vulnerability in Ruby on Rails 2.3.x before 2.3.16 and 3.0.x before 3.0.20 (CVE-2013-0333)||%{tx.domain}|%{tx.mode}|2',phase:2,deny,status:504,log,rev:3,severity:2,tag:'CWAF',tag:'RORGen'"

${this.title}

Code Editor : 23_ROR_RORGen.conf